codekin 0.6.5 → 0.7.0

package/dist/index.html

@@ -5,8 +5,8 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover" />
     <link rel="icon" type="image/svg+xml" href="/favicon.svg" />
     <title>Codekin</title>
-    <script type="module" crossorigin src="/assets/index-B0xIzdCK.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-Q2WSVlHo.css">
+    <script type="module" crossorigin src="/assets/index-JVnFWiSw.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-CLuQVRRb.css">
   </head>
   <body class="bg-neutral-12 text-neutral-2">
     <div id="root"></div>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codekin",
-  "version": "0.6.5",
+  "version": "0.7.0",
   "license": "MIT",
   "licenseNotes": "dompurify is dual-licensed (MPL-2.0 OR Apache-2.0); both are permissively compatible with MIT for library use. lightningcss (MPL-2.0) is a build-time-only dependency used by TailwindCSS and is not included in distributed artifacts.",
   "author": "multiplier-labs",
@@ -39,8 +39,10 @@
   "dependencies": {
     "better-sqlite3": "^12.9.0",
     "express": "^5.1.0",
+    "file-type": "^22.0.1",
     "multer": "^2.0.0",
-    "ws": "^8.18.0"
+    "ws": "^8.21.0",
+    "yaml": "^2.9.0"
   },
   "overrides": {
     "undici": "^7.24.0",

package/server/dist/anthropic-models.d.ts

@@ -0,0 +1,40 @@
+/**
+ * Discovers available Claude models via two strategies:
+ *
+ * 1. **Anthropic API** — `GET /v1/models` using ANTHROPIC_API_KEY (if set).
+ *    Returns the full catalog, cached for 1 hour.
+ *
+ * 2. **CLI alias probing** — Spawns `claude -p --model <alias> "ok"` for each
+ *    known alias (opus, sonnet, haiku) and reads the resolved model ID from
+ *    the JSON output's `modelUsage` field. Runs once per day, triggered on
+ *    first session creation. Works with OAuth/subscription auth (no API key).
+ *
+ * Falls back to a hardcoded list when neither strategy has completed yet.
+ */
+export interface ClaudeModelInfo {
+    id: string;
+    label: string;
+}
+/** Hardcoded fallback used until dynamic discovery completes.
+ *  Per https://platform.claude.com/docs/en/about-claude/models/overview */
+export declare const FALLBACK_MODELS: ClaudeModelInfo[];
+/**
+ * Synchronously return the best-known default Claude model ID — the first
+ * (newest) entry of the discovered list, or the hardcoded fallback's first
+ * entry when discovery hasn't completed yet. This matches the model the
+ * frontend auto-selects (the [0] of the same list), so new sessions start on
+ * it directly instead of letting the CLI pick a stale default and forcing a
+ * disruptive model-switch restart that drops the user's first message.
+ */
+export declare function getDefaultClaudeModel(): string;
+/**
+ * Return available Claude models. Uses cached results when valid.
+ * Called by the GET /api/claude/models endpoint.
+ */
+export declare function fetchAnthropicModels(): Promise<ClaudeModelInfo[]>;
+/**
+ * Trigger a background CLI alias probe if the cache is stale or empty.
+ * Call this on first session creation of the day. Non-blocking — returns
+ * immediately and updates the cache when the probe finishes.
+ */
+export declare function triggerCliProbeIfNeeded(): void;

package/server/dist/anthropic-models.js

@@ -0,0 +1,212 @@
+/**
+ * Discovers available Claude models via two strategies:
+ *
+ * 1. **Anthropic API** — `GET /v1/models` using ANTHROPIC_API_KEY (if set).
+ *    Returns the full catalog, cached for 1 hour.
+ *
+ * 2. **CLI alias probing** — Spawns `claude -p --model <alias> "ok"` for each
+ *    known alias (opus, sonnet, haiku) and reads the resolved model ID from
+ *    the JSON output's `modelUsage` field. Runs once per day, triggered on
+ *    first session creation. Works with OAuth/subscription auth (no API key).
+ *
+ * Falls back to a hardcoded list when neither strategy has completed yet.
+ */
+import { execFile } from 'child_process';
+import { CLAUDE_BINARY } from './config.js';
+/** Hardcoded fallback used until dynamic discovery completes.
+ *  Per https://platform.claude.com/docs/en/about-claude/models/overview */
+export const FALLBACK_MODELS = [
+    { id: 'claude-opus-4-8', label: 'Opus 4.8' },
+    { id: 'claude-fable-5', label: 'Fable 5' },
+    { id: 'claude-opus-4-7', label: 'Opus 4.7' },
+    { id: 'claude-opus-4-6', label: 'Opus 4.6' },
+    { id: 'claude-sonnet-4-6', label: 'Sonnet 4.6' },
+    { id: 'claude-haiku-4-5-20251001', label: 'Haiku 4.5' },
+];
+/**
+ * Candidate model IDs to probe via the CLI. We don't probe aliases (opus/sonnet/haiku)
+ * because the CLI's alias resolution lags — `opus` still resolves to 4-6 even when
+ * 4-8 is the latest. Instead, we probe specific version IDs spanning current and
+ * likely-future releases. Failed probes return in ~2.5s at zero cost; successful
+ * probes cost ~$0.04 each. Probing in parallel keeps total wall time under 5s.
+ */
+const CANDIDATE_MODEL_IDS = [
+    // Fable family (5th-generation flagship; GA 2026-06-09). Dateless pinned ID.
+    'claude-fable-5',
+    'claude-fable-6',
+    // Opus family (currently 4.6, 4.7, 4.8 are live; probe ahead for new releases)
+    'claude-opus-4-6',
+    'claude-opus-4-7',
+    'claude-opus-4-8',
+    'claude-opus-4-9',
+    'claude-opus-5-0',
+    // Sonnet family (currently 4.6 is latest; probe ahead)
+    'claude-sonnet-4-6',
+    'claude-sonnet-4-7',
+    'claude-sonnet-4-8',
+    'claude-sonnet-5-0',
+    // Haiku family (currently 4.5 is latest; probe ahead — note dated suffix)
+    'claude-haiku-4-5-20251001',
+    'claude-haiku-4-6',
+    'claude-haiku-4-7',
+    'claude-haiku-5-0',
+];
+// ---------------------------------------------------------------------------
+// Shared cache
+// ---------------------------------------------------------------------------
+let cache = null;
+const API_CACHE_TTL_MS = 60 * 60 * 1000; // 1 hour  (API is cheap, refresh often)
+const CLI_CACHE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours (CLI probing costs tokens)
+/** In-flight probe promise — prevents duplicate concurrent probes. */
+let probeInFlight = null;
+// ---------------------------------------------------------------------------
+// Label helper
+// ---------------------------------------------------------------------------
+/**
+ * Build a human-friendly label from a model ID.
+ * e.g. "claude-opus-4-8" → "Opus 4.8"
+ *      "claude-haiku-4-5-20251001" → "Haiku 4.5"
+ *      "claude-fable-5" → "Fable 5"  (single-version, dateless IDs)
+ */
+function labelFromId(id) {
+    const rest = id.replace(/^claude-/, '');
+    const m = rest.match(/^(\w+?)-(\d+)(?:-(\d+))?/);
+    if (m) {
+        const family = m[1].charAt(0).toUpperCase() + m[1].slice(1);
+        return m[3] ? `${family} ${m[2]}.${m[3]}` : `${family} ${m[2]}`;
+    }
+    return id;
+}
+async function fetchViaApi() {
+    const apiKey = process.env.ANTHROPIC_API_KEY || process.env.CLAUDE_CODE_API_KEY;
+    if (!apiKey)
+        return null;
+    const res = await fetch('https://api.anthropic.com/v1/models?limit=100', {
+        headers: {
+            'x-api-key': apiKey,
+            'anthropic-version': '2023-06-01',
+        },
+        signal: AbortSignal.timeout(10_000),
+    });
+    if (!res.ok)
+        return null;
+    const data = (await res.json());
+    if (!Array.isArray(data.data) || data.data.length === 0)
+        return null;
+    const models = data.data
+        .filter(m => m.id.startsWith('claude-') && !m.id.includes('embed'))
+        .sort((a, b) => {
+        if (a.created_at && b.created_at)
+            return b.created_at.localeCompare(a.created_at);
+        return 0;
+    })
+        .map(m => ({ id: m.id, label: m.display_name || labelFromId(m.id) }));
+    return models.length > 0 ? models : null;
+}
+// ---------------------------------------------------------------------------
+// Strategy 2: CLI alias probing
+// ---------------------------------------------------------------------------
+/**
+ * Probe a single model ID via the CLI. Returns the model ID if available,
+ * null otherwise. Failed probes return in ~2.5s without consuming tokens;
+ * successful probes take ~4.5s and cost ~$0.04 (one short turn).
+ */
+function probeModel(modelId) {
+    return new Promise(resolve => {
+        const child = execFile(CLAUDE_BINARY, 
+        // Note: do NOT pass --bare — it strips the modelUsage field we need.
+        ['-p', '--model', modelId, '--output-format', 'json', 'reply with only: ok'], { timeout: 30_000 }, (err, stdout) => {
+            if (err) {
+                resolve(null);
+                return;
+            }
+            try {
+                const result = JSON.parse(stdout);
+                if (result.is_error) {
+                    resolve(null);
+                    return;
+                }
+                const id = Object.keys(result.modelUsage ?? {})[0];
+                resolve(id || null);
+            }
+            catch {
+                resolve(null);
+            }
+        });
+        child.unref?.();
+    });
+}
+/** Probe all candidate model IDs in parallel. */
+async function fetchViaCli() {
+    const results = await Promise.all(CANDIDATE_MODEL_IDS.map(probeModel));
+    const models = [];
+    const seen = new Set();
+    for (const id of results) {
+        if (id && !seen.has(id)) {
+            seen.add(id);
+            models.push({ id, label: labelFromId(id) });
+        }
+    }
+    // Sort newest version first within each family (opus > sonnet > haiku ordering preserved by input)
+    return models.length > 0 ? models : null;
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Synchronously return the best-known default Claude model ID — the first
+ * (newest) entry of the discovered list, or the hardcoded fallback's first
+ * entry when discovery hasn't completed yet. This matches the model the
+ * frontend auto-selects (the [0] of the same list), so new sessions start on
+ * it directly instead of letting the CLI pick a stale default and forcing a
+ * disruptive model-switch restart that drops the user's first message.
+ */
+export function getDefaultClaudeModel() {
+    return (cache?.models[0] ?? FALLBACK_MODELS[0]).id;
+}
+/**
+ * Return available Claude models. Uses cached results when valid.
+ * Called by the GET /api/claude/models endpoint.
+ */
+export async function fetchAnthropicModels() {
+    if (cache && Date.now() < cache.expiresAt) {
+        return cache.models;
+    }
+    // Strategy 1: Anthropic API (fast, full catalog)
+    try {
+        const apiModels = await fetchViaApi();
+        if (apiModels) {
+            cache = { models: apiModels, expiresAt: Date.now() + API_CACHE_TTL_MS };
+            return apiModels;
+        }
+    }
+    catch { /* fall through */ }
+    // If CLI probe has already cached results, use those
+    if (cache)
+        return cache.models;
+    return FALLBACK_MODELS;
+}
+/**
+ * Trigger a background CLI alias probe if the cache is stale or empty.
+ * Call this on first session creation of the day. Non-blocking — returns
+ * immediately and updates the cache when the probe finishes.
+ */
+export function triggerCliProbeIfNeeded() {
+    // Skip if cache is still valid or a probe is already running
+    if (cache && Date.now() < cache.expiresAt)
+        return;
+    if (probeInFlight)
+        return;
+    // Skip if API key is available (fetchAnthropicModels will use the API instead)
+    if (process.env.ANTHROPIC_API_KEY || process.env.CLAUDE_CODE_API_KEY)
+        return;
+    probeInFlight = fetchViaCli()
+        .then(models => {
+        if (models) {
+            cache = { models, expiresAt: Date.now() + CLI_CACHE_TTL_MS };
+        }
+    })
+        .catch(() => { })
+        .finally(() => { probeInFlight = null; });
+}
+//# sourceMappingURL=anthropic-models.js.map

package/server/dist/anthropic-models.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic-models.js","sourceRoot":"","sources":["../anthropic-models.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAO3C;2EAC2E;AAC3E,MAAM,CAAC,MAAM,eAAe,GAAsB;IAChD,EAAE,EAAE,EAAE,iBAAiB,EAAE,KAAK,EAAE,UAAU,EAAE;IAC5C,EAAE,EAAE,EAAE,gBAAgB,EAAE,KAAK,EAAE,SAAS,EAAE;IAC1C,EAAE,EAAE,EAAE,iBAAiB,EAAE,KAAK,EAAE,UAAU,EAAE;IAC5C,EAAE,EAAE,EAAE,iBAAiB,EAAE,KAAK,EAAE,UAAU,EAAE;IAC5C,EAAE,EAAE,EAAE,mBAAmB,EAAE,KAAK,EAAE,YAAY,EAAE;IAChD,EAAE,EAAE,EAAE,2BAA2B,EAAE,KAAK,EAAE,WAAW,EAAE;CACxD,CAAA;AAED;;;;;;GAMG;AACH,MAAM,mBAAmB,GAAa;IACpC,6EAA6E;IAC7E,gBAAgB;IAChB,gBAAgB;IAChB,+EAA+E;IAC/E,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;IACjB,uDAAuD;IACvD,mBAAmB;IACnB,mBAAmB;IACnB,mBAAmB;IACnB,mBAAmB;IACnB,0EAA0E;IAC1E,2BAA2B;IAC3B,kBAAkB;IAClB,kBAAkB;IAClB,kBAAkB;CACnB,CAAA;AAED,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E,IAAI,KAAK,GAA4D,IAAI,CAAA;AACzE,MAAM,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAK,wCAAwC;AACpF,MAAM,gBAAgB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAA,CAAC,sCAAsC;AAEnF,sEAAsE;AACtE,IAAI,aAAa,GAAyB,IAAI,CAAA;AAE9C,8EAA8E;AAC9E,eAAe;AACf,8EAA8E;AAE9E;;;;;GAKG;AACH,SAAS,WAAW,CAAC,EAAU;IAC7B,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC,CAAA;IACvC,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAA;IAChD,IAAI,CAAC,EAAE,CAAC;QACN,MAAM,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAC3D,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IACjE,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAcD,KAAK,UAAU,WAAW;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAA;IAC/E,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAA;IAExB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,+CAA+C,EAAE;QACvE,OAAO,EAAE;YACP,WAAW,EAAE,MAAM;YACnB,mBAAmB,EAAE,YAAY;SAClC;QACD,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;KACpC,CAAC,CAAA;IACF,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,OAAO,IAAI,CAAA;IAExB,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAA4B,CAAA;IAC1D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAEpE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI;SACrB,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;SAClE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE;QACb,IAAI,CAAC,CAAC,UAAU,IAAI,CAAC,CAAC,UAAU;YAAE,OAAO,CAAC,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAA;QACjF,OAAO,CAAC,CAAA;IACV,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,YAAY,IAAI,WAAW,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAA;IAEvE,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAA;AAC1C,CAAC;AAED,8EAA8E;AAC9E,gCAAgC;AAChC,8EAA8E;AAE9E;;;;GAIG;AACH,SAAS,UAAU,CAAC,OAAe;IACjC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE;QAC3B,MAAM,KAAK,GAAG,QAAQ,CACpB,aAAa;QACb,qEAAqE;QACrE,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,qBAAqB,CAAC,EAC5E,EAAE,OAAO,EAAE,MAAM,EAAE,EACnB,CAAC,GAAG,EAAE,MAAM,EAAE,EAAE;YACd,IAAI,GAAG,EAAE,CAAC;gBAAC,OAAO,CAAC,IAAI,CAAC,CAAC;gBAAC,OAAM;YAAC,CAAC;YAClC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAiE,CAAA;gBACjG,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;oBAAC,OAAO,CAAC,IAAI,CAAC,CAAC;oBAAC,OAAM;gBAAC,CAAC;gBAC9C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;gBAClD,OAAO,CAAC,EAAE,IAAI,IAAI,CAAC,CAAA;YACrB,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,CAAC,IAAI,CAAC,CAAA;YACf,CAAC;QACH,CAAC,CACF,CAAA;QACD,KAAK,CAAC,KAAK,EAAE,EAAE,CAAA;IACjB,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,iDAAiD;AACjD,KAAK,UAAU,WAAW;IACxB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,CAAA;IACtE,MAAM,MAAM,GAAsB,EAAE,CAAA;IACpC,MAAM,IAAI,GAAG,IAAI,GAAG,EAAU,CAAA;IAE9B,KAAK,MAAM,EAAE,IAAI,OAAO,EAAE,CAAC;QACzB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAA;YACZ,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,WAAW,CAAC,EAAE,CAAC,EAAE,CAAC,CAAA;QAC7C,CAAC;IACH,CAAC;IAED,mGAAmG;IACnG,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAA;AAC1C,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;GAOG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;AACpD,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,IAAI,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;QAC1C,OAAO,KAAK,CAAC,MAAM,CAAA;IACrB,CAAC;IAED,iDAAiD;IACjD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,WAAW,EAAE,CAAA;QACrC,IAAI,SAAS,EAAE,CAAC;YACd,KAAK,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,EAAE,CAAA;YACvE,OAAO,SAAS,CAAA;QAClB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,kBAAkB,CAAC,CAAC;IAE9B,qDAAqD;IACrD,IAAI,KAAK;QAAE,OAAO,KAAK,CAAC,MAAM,CAAA;IAE9B,OAAO,eAAe,CAAA;AACxB,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB;IACrC,6DAA6D;IAC7D,IAAI,KAAK,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS;QAAE,OAAM;IACjD,IAAI,aAAa;QAAE,OAAM;IAEzB,+EAA+E;IAC/E,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB;QAAE,OAAM;IAE5E,aAAa,GAAG,WAAW,EAAE;SAC1B,IAAI,CAAC,MAAM,CAAC,EAAE;QACb,IAAI,MAAM,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,EAAE,CAAA;QAC9D,CAAC;IACH,CAAC,CAAC;SACD,KAAK,CAAC,GAAG,EAAE,GAAuB,CAAC,CAAC;SACpC,OAAO,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI,CAAA,CAAC,CAAC,CAAC,CAAA;AAC5C,CAAC"}

package/server/dist/claude-process.d.ts

@@ -11,7 +11,7 @@
  * - Turn results and process exit
  */
 import { EventEmitter } from 'events';
-import type { ClaudeEvent, TaskItem, PromptQuestion, PermissionMode } from './types.js';
+import type { ClaudeEvent, TaskItem, PromptQuestion, PermissionMode, SessionUsage } from './types.js';
 import { type CodingProcess, type CodingProvider, type ProviderCapabilities } from './coding-process.js';
 /** Options for constructing a ClaudeProcess. Replaces positional constructor parameters. */
 export interface ClaudeProcessOptions {
@@ -51,6 +51,7 @@ export interface ClaudeProcessEvents {
     todo_update: [tasks: TaskItem[]];
     image: [base64: string, mediaType: string];
     result: [text: string, isError: boolean];
+    usage: [usage: SessionUsage];
     rate_limit: [event: Record<string, unknown>];
     error: [message: string];
     exit: [code: number | null, signal: string | null];
@@ -74,6 +75,9 @@ export declare class ClaudeProcess extends EventEmitter<ClaudeProcessEvents> imp
      * skip retries when this flag is true.
      */
     private _sessionConflict;
+    /** Cumulative token counts across all result events in this process's lifetime. */
+    private cumulativeInputTokens;
+    private cumulativeOutputTokens;
     /**
      * Set to true when spawn() itself fails (ENOENT, EACCES, etc.).
      * Distinguished from "process started but produced no output" — the latter
@@ -91,6 +95,8 @@ export declare class ClaudeProcess extends EventEmitter<ClaudeProcessEvents> imp
     private tool;
     private tasks;
     private taskSeq;
+    /** Outbound control requests (server → CLI, e.g. set_permission_mode) awaiting a control_response. */
+    private pendingOutboundControl;
     /** Additional env vars passed to the child process (session ID, port, token). */
     private extraEnv;
     /** When true, use `--resume` instead of `--session-id` to resume an existing session. */
@@ -139,13 +145,25 @@ export declare class ClaudeProcess extends EventEmitter<ClaudeProcessEvents> imp
      * for user interaction, not permissions).
      */
     private handleControlRequest;
-    /** Send a control_response back to the CLI to allow or deny a pending request. */
-    sendControlResponse(requestId: string, behavior: 'allow' | 'deny', updatedInput?: Record<string, unknown>, message?: string): void;
+    /**
+     * Send a control_response back to the CLI to allow or deny a pending request.
+     * 'allow_always' is treated as 'allow' — the CLI protocol has no persistent
+     * grant; persistence is handled by Codekin's ApprovalManager.
+     */
+    sendControlResponse(requestId: string, behavior: 'allow' | 'deny' | 'allow_always', updatedInput?: Record<string, unknown>, message?: string): void;
     /**
      * Update internal task state from TodoWrite/TaskCreate/TaskUpdate tool calls.
      * Returns true if the task list changed (caller should emit todo_update).
      */
     private handleTaskTool;
+    /** Keep taskSeq ahead of any numeric id we have seen, so generated ids never collide. */
+    private syncTaskSeq;
+    /**
+     * Seed task state from a previous process's last known list (session restore).
+     * Without this, a restarted process starts with an empty map and TaskUpdate
+     * calls referencing pre-restart task ids would otherwise be lost.
+     */
+    seedTasks(tasks: TaskItem[]): void;
     /**
      * Extract a short summary from extended thinking text.
      * Tries to grab the first sentence (up to 120 chars), or truncates at a
@@ -154,6 +172,16 @@ export declare class ClaudeProcess extends EventEmitter<ClaudeProcessEvents> imp
     private extractThinkingSummary;
     /** Send a user message to the Claude CLI via stdin (stream-json format). */
     sendMessage(content: string): void;
+    /**
+     * Change the CLI's permission mode in-place via a stream-json control request,
+     * without restarting the process (which would kill in-flight turns and pending
+     * approvals). Resolves true on CLI acknowledgement, false on timeout/error/exit —
+     * callers should fall back to a process restart on false.
+     *
+     * 'dangerouslySkipPermissions' is a spawn flag (--dangerously-skip-permissions),
+     * not a runtime mode, so it always requires a restart.
+     */
+    setPermissionMode(mode: PermissionMode): Promise<boolean>;
     /** Write raw data to stdin (used for control_response messages). */
     sendRaw(data: string): void;
     /** Gracefully stop the process (SIGTERM, then SIGKILL after 5s timeout). */

package/server/dist/claude-process.js

@@ -41,6 +41,9 @@ export class ClaudeProcess extends EventEmitter {
      * skip retries when this flag is true.
      */
     _sessionConflict = false;
+    /** Cumulative token counts across all result events in this process's lifetime. */
+    cumulativeInputTokens = 0;
+    cumulativeOutputTokens = 0;
     /**
      * Set to true when spawn() itself fails (ENOENT, EACCES, etc.).
      * Distinguished from "process started but produced no output" — the latter
@@ -60,6 +63,8 @@ export class ClaudeProcess extends EventEmitter {
     // Task/todo state: mirrors Claude's internal todo list for the UI
     tasks = new Map();
     taskSeq = 0;
+    /** Outbound control requests (server → CLI, e.g. set_permission_mode) awaiting a control_response. */
+    pendingOutboundControl = new Map;
     /** Additional env vars passed to the child process (session ID, port, token). */
     extraEnv;
     /** When true, use `--resume` instead of `--session-id` to resume an existing session. */
@@ -146,6 +151,10 @@ export class ClaudeProcess extends EventEmitter {
         // a resume.  Uses the full binary path + exact session UUID to avoid
         // matching unrelated processes.
         if (this.resume) {
+            // Guard against non-UUID values being interpolated into the pkill pattern
+            if (!/^[0-9a-f-]{36}$/i.test(this.sessionId)) {
+                throw new Error(`[claude-spawn] sessionId is not a valid UUID: ${this.sessionId}`);
+            }
             try {
                 const pattern = `${CLAUDE_BINARY} .*(--resume|--session-id) ${this.sessionId}(\\s|$)`;
                 execFileSync('pkill', ['-f', pattern], { timeout: 2000, stdio: 'ignore' });
@@ -154,7 +163,10 @@ export class ClaudeProcess extends EventEmitter {
                 // pkill exits 1 when no matching process is found — that's the happy path
             }
         }
-        console.log(`[claude-spawn] cwd=${this.workingDir} args=${JSON.stringify(args)}`);
+        const redactedArgs = args.map((a, i) => i > 0 && /^[0-9a-f-]{36}$/i.test(a) && ['--session-id', '--resume'].includes(args[i - 1])
+            ? '<redacted>'
+            : a);
+        console.log(`[claude-spawn] cwd=${this.workingDir} args=${JSON.stringify(redactedArgs)}`);
         this.proc = spawn(CLAUDE_BINARY, args, {
             cwd: this.workingDir,
             stdio: ['pipe', 'pipe', 'pipe'],
@@ -204,6 +216,11 @@ export class ClaudeProcess extends EventEmitter {
             this.rl = null;
             this.proc = null;
             this.tasks.clear();
+            // Fail any outbound control requests still awaiting a response —
+            // the process is gone, so callers should fall back to a restart.
+            for (const resolve of this.pendingOutboundControl.values())
+                resolve(false);
+            this.pendingOutboundControl.clear();
             this.emit('exit', code, signal);
         });
     }
@@ -233,7 +250,7 @@ export class ClaudeProcess extends EventEmitter {
             console.log(`[event] type=${event.type} subtype=${subtype || '-'}`);
         }
         // Log all event types we DON'T handle to catch unknown protocol messages
-        if (!['system', 'stream_event', 'assistant', 'user', 'result', 'control_request', 'rate_limit_event'].includes(event.type)) {
+        if (!['system', 'stream_event', 'assistant', 'user', 'result', 'control_request', 'control_response', 'rate_limit_event'].includes(event.type)) {
             console.log(`[event-unhandled] type=${event.type} data=${JSON.stringify(event).slice(0, 300)}`);
         }
         switch (event.type) {
@@ -255,6 +272,20 @@ export class ClaudeProcess extends EventEmitter {
                 break;
             case 'result': {
                 const resultEvent = event;
+                // Surface cumulative token/cost usage. The CLI's result event carries
+                // per-turn usage plus a cumulative total_cost_usd for the session.
+                const u = resultEvent.usage;
+                if (u) {
+                    this.cumulativeInputTokens += (u.input_tokens ?? 0) + (u.cache_read_input_tokens ?? 0) + (u.cache_creation_input_tokens ?? 0);
+                    this.cumulativeOutputTokens += u.output_tokens ?? 0;
+                }
+                if (u || typeof resultEvent.total_cost_usd === 'number') {
+                    this.emit('usage', {
+                        inputTokens: this.cumulativeInputTokens,
+                        outputTokens: this.cumulativeOutputTokens,
+                        ...(typeof resultEvent.total_cost_usd === 'number' ? { costUsd: resultEvent.total_cost_usd } : {}),
+                    });
+                }
                 this.emit('result', resultEvent.result || '', resultEvent.is_error || false);
                 break;
             }
@@ -265,6 +296,18 @@ export class ClaudeProcess extends EventEmitter {
                 this.handleControlRequest(ctrlEvent);
                 break;
             }
+            case 'control_response': {
+                // Response to an outbound control_request we sent (e.g. set_permission_mode).
+                const resp = event.response;
+                if (resp?.request_id) {
+                    const resolve = this.pendingOutboundControl.get(resp.request_id);
+                    if (resolve) {
+                        this.pendingOutboundControl.delete(resp.request_id);
+                        resolve(resp.subtype === 'success');
+                    }
+                }
+                break;
+            }
             case 'rate_limit_event':
                 this.emit('rate_limit', event);
                 break;
@@ -348,7 +391,9 @@ export class ClaudeProcess extends EventEmitter {
             if (this.handleTaskTool(this.tool.name, parsed)) {
                 if (TOOL_DEBUG)
                     console.log('[task-debug] emitting todo_update, tasks:', this.tasks.size);
-                this.emit('todo_update', Array.from(this.tasks.values()));
+                // Copy items so later in-place TaskUpdate mutations don't alias into
+                // previously broadcast/history-stored snapshots.
+                this.emit('todo_update', Array.from(this.tasks.values(), t => ({ ...t })));
             }
         }
         catch (err) {
@@ -472,7 +517,11 @@ export class ClaudeProcess extends EventEmitter {
             this.emit('control_request', request_id, toolName, toolInput);
         }
     }
-    /** Send a control_response back to the CLI to allow or deny a pending request. */
+    /**
+     * Send a control_response back to the CLI to allow or deny a pending request.
+     * 'allow_always' is treated as 'allow' — the CLI protocol has no persistent
+     * grant; persistence is handled by Codekin's ApprovalManager.
+     */
     sendControlResponse(requestId, behavior, updatedInput, message) {
         // The CLI expects a nested format: { type, response: { subtype, request_id, response: { behavior, ... } } }
         // Inner response schema:
@@ -505,15 +554,18 @@ export class ClaudeProcess extends EventEmitter {
      * Returns true if the task list changed (caller should emit todo_update).
      */
     handleTaskTool(toolName, input) {
-        // TodoWrite sends the entire list at once
+        // TodoWrite sends the entire list at once.
+        // Note: taskSeq is intentionally NOT reset — keeping ids monotonic across
+        // list generations lets the frontend detect a brand-new list by id and
+        // avoids id collisions with later TaskCreate/TaskUpdate calls.
         if (toolName === 'TodoWrite') {
             const todos = input.todos;
             if (!Array.isArray(todos))
                 return false;
             this.tasks.clear();
-            this.taskSeq = 0;
             for (const item of todos) {
                 const id = String(item.id || ++this.taskSeq);
+                this.syncTaskSeq(id);
                 const status = item.status;
                 if (status !== 'pending' && status !== 'in_progress' && status !== 'completed')
                     continue;
@@ -528,7 +580,8 @@ export class ClaudeProcess extends EventEmitter {
         }
         // TaskCreate/TaskUpdate are the newer tool names
         if (toolName === 'TaskCreate') {
-            const id = String(++this.taskSeq);
+            const id = String(input.taskId || input.id || ++this.taskSeq);
+            this.syncTaskSeq(id);
             this.tasks.set(id, {
                 id,
                 subject: String(input.subject || ''),
@@ -539,9 +592,19 @@ export class ClaudeProcess extends EventEmitter {
         }
         if (toolName === 'TaskUpdate') {
             const id = String(input.taskId || '');
-            const task = this.tasks.get(id);
-            if (!task)
+            if (!id)
                 return false;
+            let task = this.tasks.get(id);
+            if (!task) {
+                // Unknown id — our in-memory map can diverge from the CLI's real task
+                // list (e.g. after a process restart mid-session). Upsert instead of
+                // dropping the update, otherwise the UI shows a stale list forever.
+                if (input.status === 'deleted')
+                    return false;
+                task = { id, subject: String(input.subject || `Task ${id}`), status: 'pending' };
+                this.tasks.set(id, task);
+                this.syncTaskSeq(id);
+            }
             const status = input.status;
             if (status === 'deleted') {
                 this.tasks.delete(id);
@@ -558,6 +621,24 @@ export class ClaudeProcess extends EventEmitter {
         }
         return false;
     }
+    /** Keep taskSeq ahead of any numeric id we have seen, so generated ids never collide. */
+    syncTaskSeq(id) {
+        const n = Number(id);
+        if (Number.isInteger(n) && n > this.taskSeq)
+            this.taskSeq = n;
+    }
+    /**
+     * Seed task state from a previous process's last known list (session restore).
+     * Without this, a restarted process starts with an empty map and TaskUpdate
+     * calls referencing pre-restart task ids would otherwise be lost.
+     */
+    seedTasks(tasks) {
+        this.tasks.clear();
+        for (const t of tasks) {
+            this.tasks.set(t.id, { ...t });
+            this.syncTaskSeq(t.id);
+        }
+    }
     /**
      * Extract a short summary from extended thinking text.
      * Tries to grab the first sentence (up to 120 chars), or truncates at a
@@ -597,6 +678,42 @@ export class ClaudeProcess extends EventEmitter {
             this.proc.stdin.once('drain', () => { });
         }
     }
+    /**
+     * Change the CLI's permission mode in-place via a stream-json control request,
+     * without restarting the process (which would kill in-flight turns and pending
+     * approvals). Resolves true on CLI acknowledgement, false on timeout/error/exit —
+     * callers should fall back to a process restart on false.
+     *
+     * 'dangerouslySkipPermissions' is a spawn flag (--dangerously-skip-permissions),
+     * not a runtime mode, so it always requires a restart.
+     */
+    setPermissionMode(mode) {
+        if (mode === 'dangerouslySkipPermissions' || this.permissionMode === 'dangerouslySkipPermissions') {
+            return Promise.resolve(false);
+        }
+        if (!this.proc?.stdin?.writable)
+            return Promise.resolve(false);
+        const requestId = randomUUID();
+        return new Promise((resolve) => {
+            const timer = setTimeout(() => {
+                this.pendingOutboundControl.delete(requestId);
+                console.warn(`[set-permission-mode] timed out waiting for CLI ack (mode=${mode})`);
+                resolve(false);
+            }, 5000);
+            this.pendingOutboundControl.set(requestId, (ok) => {
+                clearTimeout(timer);
+                if (ok)
+                    this.permissionMode = mode;
+                console.log(`[set-permission-mode] CLI ${ok ? 'acknowledged' : 'rejected'} mode=${mode}`);
+                resolve(ok);
+            });
+            this.sendRaw(JSON.stringify({
+                type: 'control_request',
+                request_id: requestId,
+                request: { subtype: 'set_permission_mode', mode },
+            }));
+        });
+    }
     /** Write raw data to stdin (used for control_response messages). */
     sendRaw(data) {
         if (!this.proc?.stdin?.writable)